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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address -- 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 . 1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )I3 Responsive to communication(s) filed on 15 August 2000 . 
2a)D This action is FINAL. 2b)K This action is non-final. 

3) Q Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) [3 Claim(s) 7-27 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1-27 is/are rejected. 

7) L2 Claim(s) _ '. is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) £3 The specification is objected to by the Examiner. 

10) E3 The drawing(s) filed on 15 August 2000 is/are: a)Q accepted or b)£3 objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) 0 The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) ^] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)ES All b)D Some * c)D None of: 

1 .63 Certified copies of the priority documents have been received. 

2.L/ Certified copies of the priority documents have been received in Application No. . 



3-D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the international Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



Specification 



1 . The disclosure is objected to because of the following informalities: The 
reference number 209 is used twice to refer to the physical layer and the private key 
database on pages 2 and 3. 

Appropriate correction is required. 



2. The drawings are objected to as failing to comply with 37 CFR 1 .84(p)(4) 
because reference character "209" has been used to designate both the physical layer 
and private key database. A proposed drawing correction or corrected drawings are 
required in reply to the Office action to avoid abandonment of the application. The 
objection to the drawings will not be held in abeyance. 



Drawings 



Claim Objections 



3. Claims 6, 14-16 objected to because of the following informalities: All reference 
numbers in claims 6,14-16 are not consistent with what is shown in the drawings and 
disclosed in the specification. Appropriate correction is required. 
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Claim Rejections - 35 USC §112 



4. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

5. Claims 16-19 rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. Claims 16-19 recites the limitation "encryption 
means". There is insufficient antecedent basis for this limitation in the claim. 

6. Claims 20-25 rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. The term "ones" in claim 20 is a relative term which 
renders the claim indefinite. The term "ones" is not defined by the claim, the 
specification does not provide a standard for ascertaining the requisite degree, and one 
of ordinary skill in the art would not be reasonably apprised of the scope of the 
invention. It is not understood by the examiner as to what the term "ones" is exactly 
referring to. 



Claim Rejections - 35 USC § 102 
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7. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

8. Claims 1-17,26,27 rejected under 35 U.S.C. 102(e) as being anticipated by 
Fletcher et al (US pat 6,363,477). 

Regarding claim 1 , the applicant's own prior art admission teaches a method of 
processing encryption data in a computing entity said method characterized by 
comprising steps of: 

assigning a memory means of said computing entity into a plurality of memory 
areas (col. 8 lines 3-25); 

receiving encrypted data (fig.3; col. 9 lines 27-33); 

storing said encrypted data in a first memory area of said computing entity, said 
first memory area assigned for use by a kernel code of an operating system of said 
first computing entity (fig.3; col. 21 lines 21-22); 

writing said encrypted data stored in said first memory area into a second 
memory area associated with said computing entity (fig.4; col.21 lines 23-28); 

decrypting said encrypted data stored in said second memory area (col. 10 lines 
1-10; col.11 lines 15-18); and 
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writing said decrypted data from said second memory area to said first memory 
area (col.21 lines 23-28). 

Regarding claim 2, Fletcher et al teach a method as claimed in claim 1, wherein 
said first memory area is logically distinct from said second memory area (fig. 3; col. 8 
line 53 thru col. 9 line 4). 

Regarding claim 3, Fletcher et al teach a method as claimed in claim 1 , wherein 
said first memory area is configured to contain code of said operating system (col. 8 line 
61 thru col.9 Iine2). 

Regarding claim 4, Fletcher et al teach the method as claimed in claim 1 , 
wherein said second memory area is not used for storage of code of a kernel of said 
operating system (fig. 3; col. 8 line 53 thru col.9 line 4). 

Regarding claim 5, Fletcher et al teach the method as claimed in claim 1 , 
wherein said step of decrypting said encrypted data stored in said second area is 
carried out by an internet security protocol program resident in said second memory 
area (col. 10 lines 1-10; col. 11 lines 15-18). 

Regarding claim 6, Fletcher et al teach a method of processing encryption data 
in a computing entity said method characterized by comprising steps of: 
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assigning a memory means of said computing entity into a plurality of memory 
areas (col. 8 lines 3-25); 

storing decrypted data in a first said memory area of said plurality of memory 
areas, said first memory area being assigned for use by a kernel code of an operating 
system of said first computing entity (col. 21 lines 19-21); 

writing said stored data into a second memory area of said plurality of memory 
areas associated with said first communicating entity (fig.4 coL21 lines 23-28); 

encrypting said data stored in said second memory area (col. 10 lines 1-10; 
col. 11 lines 15-18); and 

writing said encrypted data from said second memory area to said first memory 
area (fig.4 col.21 lines 23-28). 

Method claims 7-9 are substantially equivalent to method claims 2-4 
respectively, therefore claims 7-9 are rejected because of similar rationale. 

Regarding claim 10, Fletcher et al teach a method as claimed in claim 8, further 
comprising the step of redirecting said encrypted data from said operating system in 
said first memory area to an encryption/decryption stack resident in said second 
memory area (fig.4; col. 8 lines 61-65; col.9 line 63 thru col. 10 line 10; col. 11 lines 15- 
18; col. 10 lines 30-34). 
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Regarding claim 11, Fletcher et al teach a method as claimed in claim 9, 
comprising the step of directing said data to said second memory area from said first 
memory area (col.9 lines 63-67; col. 10 lines 30-34; col.21 lines 22-28). 

Regarding claim 12, Fletcher et al teach a method as claimed in claim 6, 
wherein said step of encrypting said data stored in said second memory area is 
carried out by an internet protocol security program stored in said second memory 
area (col. 10 lines 1-10; col. 11 lines 15-18). 

Regarding claim 13, Fletcher et al teach a method of processing encrypted data 
in a computing entity, said computing entity comprising; 

a processor; and 

a memory means (col. 8 lines 3-25), 

wherein said memory means is divided into first and second memory areas, 
wherein said first memory area contains code of an operating system of said computer 
entity, said method comprising the steps of (fig.4 col. 8 line 61 thru col.9 line 2): 

receiving an encrypted data packet (fig. 3; col.9 lines 27-33); 

processing said data packet according to at least one packetization protocol of 
said operating system in said first memory area (fig.3; col. 8 line 61 thru col.9 line 2); 

outputting said data packet to said second memory area (col.9 lines 63-67; col. 10 
lines 30-34; col.21 lines 22-28); 

processing said data packet according to a decryption algorithm in said second 
memory area (col. 10 lines 1-10; col. 11 lines 15-18); and 
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returning said processed data packet to said operating system in said first 
memory area (col.9 lines 63-67; col. 10 lines 30-34; col.21 lines 19-28). 

Regarding claim 14, Fletcher et al teach a digital computer configurable for 
transmitting digital data across a communications network, said digital computer 
comprising; 

at least one microprocessor unit (col. 8 lines 3-9); 

a memory means, wherein said memory means is logically sub divided into at 
least a first memory area and a second memory area and characterized by further 
comprising (fig.4); 

a redirection means for writing data from said first memory area to said second 
memory area and from said second memory area to said first memory area (fig.4; col. 
8 lines 61-65; col.9 line 63 thru col. 10 line 10; col. 11 lines 15-18; col.10 lines 30-34); 
and 

encryption means logically located within said second memory area, said 
encryption means configurable for encrypting said digital data (col.10 lines 1-10; col.1 1 
lines 15-18). 

Regarding claim 15, Fletcher et al teach a digital computer configurable for 
receiving digital data transmitted across a communications network, said digital 
computer comprising: 

at least one microprocessor unit (col.8 lines 3-9); 
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a memory means, wherein said memory means is assigned into at least a first 
memory area and a second memory area and characterized by further comprising 

(fig.4); 

a redirection means for writing data from said first memory area to said second 
memory area and from said second memory area to said first memory area (fig.4; col. 
8 lines 61-65; col.9 line 63 thru col. 10 line 10; col.1 1 lines 15-18; col. 10 lines 30-34); 
and 

decryption means logically located within said second memory area for 
decrypting data stored in said second memory area, said decryption means being 
configurable for decrypting said data (col.10 lines 1-10; col.11 lines 15-18). 

Regarding claim 16, Fletcher et al teach a digital computer as claimed in claim 
15, wherein said redirection means comprises; 

a redirection layer (fig.4; col.8 lines 61-65); and 

a port for interfacing said redirection layer and said encryption means (col.9 
lines 63-67; col.10 lines 30-34). 

Regarding claim 17, Fletcher et al teach a digital computer as claimed in claim 
15, wherein said encryption means logically located within said second memory area 
comprises: 

an internet protocol security stack (col.10 lines 1-10; col. 11 lines 15-18); 

and 
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a database configurable to contain key data for encrypting said data (col.1 1 
lines 12-30). 



Regarding claim 26, Fletcher et al teach a method of encryption processing a 
plurality of packet data streams between first and second layers of a communications 
protocol stack, said method comprising the steps of: 

receiving a first said data packet stream from a first layer of said protocol stack 
in a first memory area (fig. 3; col.9 lines 27-33); 

sending said data packet stream to a first compartmented memory area (fig.4; 
col. 10 lines 30-40; col. 11 lines 12-38); 

running an encryption process on said first data packet stream in said first 
compartmented memory area for encryption or decryption of said data packet stream 
(col. 10 lines 1-10; col.11 lines 12-18); 

returning said processed data packet stream from said first compartmented 
memory area to a second layer of said communications protocol stack in said first 
memory area (col. 10 lines 30-35; col.21 lines 23-28); 

receiving a second packet data stream from a said first or second layer of said 
communications protocol stack in said first memory area (fig. 3; col.9 lines 27-33); 

sending said second data packet stream to a second compartmented memory 
area (fig.4; col. 10 lines 30-40; col. 11 lines 12-38); 
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encryption processing said second data packet stream in said second 
compartmented memory area for encryption or decryption of said data packet stream 
(col. 10 lines 1-10; col.11 lines 12-18); and 

returning said processed second packet data stream to the other one of said first 
or second said layers of said communications protocol stack in said first memory area 
(col. 10 lines 30-35; col.21 lines 23-28), 

wherein said first compartmented memory area is assigned to said first process, 
said second compartmented memory area is assigned to said second process, and said 
first memory area is assigned to an operating system of said computing entity (fig.4; 
col. 10 lines 30-40; col.1 1 lines 12-38). 

Regarding claim 27, Fletcher et al teach the method as claimed in claim 26, 
comprising the step of running a plurality of processes in a said compartmented 
memory area, for processing a single said packet data stream (fig.4; col. 10 lines 30-40; 
col.1 1 lines 12-38). 



Conclusion 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tremayne M. Norris whose telephone number is (703) 
305-8045. The examiner can normally be reached on M-F 7:30AM-5:00PM alternate 
Fridays. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse can be reached on (703) 305-4789. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Tremayne Norris 
February 18,2004 




PRIMARY EXAMINER 



